The company I am working for recently purchased the license for your BizCrypto tools, and I have been tasked with figuring out how to utilize them. I am pretty new at using PGP encryption, and I am having some trouble. I am not sure exactly where I went wrong, so any help that can be provided will be greatly appreciated.

When I submit an encrypted message to BizTalk, I receive the following error:

No appropriate OpenPGP secret key for decryption found

The client gave us the following to decrypt it:

1. a key file
2. a password
3. a sub key

I have done this so far:
1. Created a new public and secret keyring.

2. Added the key file to the keyring, using the password we were provided as the -pass parameter.
(The output from the OpenPGPKeyTool indicated that the public keyring was updated, but the secret keyring was not. Therefore the generated secret keyring is empty)

Subkeys are a compound part of an OpenPGP key, so both the key and its subkeys are usually transferred as a single file. That is why the fact that you got a subkey apart from the "main" key is strange. Could you please provide us with a few more details on these key files -- in particular, the names they have and (if possible) a textual comment from the client that accompanied those files.

The reason for the error you are getting is quite simple - the pipeline just does not see the secret key. The way in which it should be set depends on your answer to the above question.

You also do not need to set the Passphrase property, as it is expected to accept a passphrase for conventionally encrypted files.

BTW, please assign the license ticket you received with the registration letter to your web site account to get Standard support level -- this will let us help you faster.

The client sent us a file called test.key. This is a snippet of what was in it

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (AIX)

[Removed Actual Key]
-----END PGP PUBLIC KEY BLOCK-----

The email I was sent from the client gave us this file, and then in the body of the email they stated what the sub key is. This is what made me think that the sub key is separate, but after what you said I am guessing it is not separate.

Also, what I thought was a password was actually just the Key ID. I tried removing that from the pipeline configuration and it still failed.

Additional note: I just tried extracting my public key from the keyring just to make sure I am doing that step right, and the output was just seemingly random symbols. Is this to be expected? I have imported/extracted the key into other applications (Kleopatra) and it came out looking the same as it went in.

I used this command to get the key into the keyring:
OpenPGPKeyTool.exe -add -storage [Keyring Name] -keyfile [Key File]

The headers (-----BEGIN PGP PUBLIC KEY BLOCK-----) state that the key you received is public, and therefore it cannot be used for decrypting messages (public keys can only be used for encryption and signature verification). This is also confirmed by the emptiness of the secret keyring file produced by the OpenPGPKeyTool. In order to be able to decrypt messages from your client you must get the corresponding private key. Please consult with your client on this matter. Probably they just have forgotten to send you the private key, or it has been sent to you via other means for security reasons.

Quote

Additional note: I just tried extracting my public key from the keyring just to make sure I am doing that step right, and the output was just seemingly random symbols.

Yes, it is normal - an unarmored OpenPGP key is a long sequence of binary characters that might look random.
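
The public-versus-secret check described in the reply above, as an added example that is not part of the original thread or of the vendor's tools: it reads the OpenPGP packet tags (RFC 4880) from an armored or binary key file and reports whether any secret key material is present. The sample byte strings are constructed with dummy packet bodies and are not real keys.

```python
import base64

def dearmor(data: bytes) -> bytes:  # binary packets; armor is base64-decoded
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data                               # already binary (unarmored)
    lines = [l.strip() for l in data.decode("ascii").strip().splitlines()]
    body = []
    for line in lines[lines.index("") + 1:]:      # blank line ends armor headers
        if line.startswith(("=", "-----END")):    # CRC24 line or armor tail
            break
        body.append(line)
    return base64.b64decode("".join(body))

def packet_tags(binary: bytes) -> list:  # tag of each packet, in order
    tags, i = [], 0
    while i < len(binary):
        hdr = binary[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet stream")
        if hdr & 0x40:                            # new-format header
            tag, first = hdr & 0x3F, binary[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + binary[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(binary[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length in a key file")
        else:                                     # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length in a key file")
            length = int.from_bytes(binary[i + 1:i + 1 + (1 << ltype)], "big")
            i += 1 + (1 << ltype)                 # 1, 2 or 4 length octets
        tags.append(tag)
        i += length                               # skip the packet body
    return tags

def can_decrypt(data: bytes) -> bool:
    """True only if a secret key (tag 5) or secret subkey (tag 7) is present."""
    return any(tag in (5, 7) for tag in packet_tags(dearmor(data)))

# Constructed samples with dummy packet bodies (not real keys).
PUBLIC_SAMPLE = bytes([0x98, 3, 0, 0, 0, 0xB4, 4]) + b"test" + bytes([0xB8, 3, 0, 0, 0])
SECRET_SAMPLE = bytes([0x94, 3, 0, 0, 0, 0xB4, 4]) + b"test" + bytes([0xC7, 3, 0, 0, 0])
ARMORED_PUBLIC = (b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: constructed\n\n"
                  + base64.b64encode(PUBLIC_SAMPLE) + b"\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Tags 6 and 14 are the public key and public subkey, and tag 13 is the user ID; a file containing only those cannot populate a secret keyring.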

Generally, you need to assign the name of the SSO affiliate to the SSOAffiliateApplication property of the adapter or pipeline. The user id kept in the SSO should contain a key filter defining key(s) to be used for signing/decryption. The first secret value kept in the SSO is expected to contain data encryption password, and the second secret value should contain the secret key. Both secrets are optional and may contain an empty value.

Currently there's no way to store the secret key passphrase in the SSO. Instead, you can use the SSO to store the secret key itself (in unencrypted form). Please do the following to set up the pipeline to take the secret key from the SSO:

1. Export the desired secret key to a file without a password.

2. Put the obtained secret key into the second secret slot of the SSO record of the application. Leave the user account name and the first secret value empty.

3. Set the SecretKeyringSource property to "Value" (1).

4. Assign a path to your public keyring to the PublicKeyring property and set PublicKeyringSource to "File" (0). This step is optional unless you need to encrypt processed messages (and not only sign them).
